summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAdam Johnson <me@adamj.eu>2022-09-02 09:44:05 +0100
committerCarlton Gibson <carlton.gibson@noumenal.es>2022-10-04 09:10:04 +0200
commite5ea2842941967f06cefa10865f303b39c95279f (patch)
treed37fc62ab9c96ff088953a2b1207c115e44392df /docs
parent4771a1694b3b54c7309602820881d3ec9cc2c809 (diff)
Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.
Thanks to Benjamin Balder Bach for the report.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/3.2.16.txt6
-rw-r--r--docs/releases/4.0.8.txt6
-rw-r--r--docs/releases/4.1.2.txt6
3 files changed, 16 insertions, 2 deletions
diff --git a/docs/releases/3.2.16.txt b/docs/releases/3.2.16.txt
index 3769d0837c..da0a6c4ed4 100644
--- a/docs/releases/3.2.16.txt
+++ b/docs/releases/3.2.16.txt
@@ -6,4 +6,8 @@ Django 3.2.16 release notes
Django 3.2.16 fixes a security issue with severity "medium" in 3.2.15.
-...
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
diff --git a/docs/releases/4.0.8.txt b/docs/releases/4.0.8.txt
index 602fe0a76a..b057eaa1ea 100644
--- a/docs/releases/4.0.8.txt
+++ b/docs/releases/4.0.8.txt
@@ -6,4 +6,8 @@ Django 4.0.8 release notes
Django 4.0.8 fixes a security issue with severity "medium" in 4.0.7.
-...
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
diff --git a/docs/releases/4.1.2.txt b/docs/releases/4.1.2.txt
index 1dddbf44a0..2ee6fe0f5c 100644
--- a/docs/releases/4.1.2.txt
+++ b/docs/releases/4.1.2.txt
@@ -7,6 +7,12 @@ Django 4.1.2 release notes
Django 4.1.2 fixes a security issue with severity "medium" and several bugs in
4.1.1.
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
+
Bugfixes
========